Vulnerability CVE-2019-3644


Published: 2019-09-11

Description:
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.

Type:

CWE-20

(Improper Input Validation)

Vendor: Mcafee
Product: Web gateway 
Version:
8.1.5
8.1.4
8.1.3
8.1.2
8.1.1
8.1.0
8.0.3
8.0.2
8.0.1
8.0.0
7.8.2.9
7.8.2.8
7.8.2.7
7.8.2.6
7.8.2.5
7.8.2.4
7.8.2.3
7.8.2.2
7.8.2.12
7.8.2.11
7.8.2.10
7.8.2.1
7.8.2
Product: Advanced threat defense 
Version:
4.6
4.4
4.2
4.0
Product: Active response 
Version:
2.4
2.3
2.2
2.1
2.0.1
2.0
1.1.0
1.0.0
Product: Enterprise security manager 
Version:
11.2.0
11.1.3
11.1.2
11.1.1
11.1.0
11.0.0
10.4.0
10.3.4
10.2.0

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
https://kc.mcafee.com/corporate/index?page=content&id=SB10296

Related CVE
CVE-2019-3646
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker...
CVE-2019-3638
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via t...
CVE-2019-3643
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.
CVE-2019-3634
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unall...
CVE-2019-3633
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and...
CVE-2019-3637
Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges.
CVE-2019-3621
Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked o...
CVE-2019-3622
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe lo...

Copyright 2019, cxsecurity.com

 

Back to Top